Emerging cyber threats: Top trends that will take the spotlight in 2023
As the world gradually emerges out of the unforeseen challenges in wake of the pandemic, a distinct takeaway has been the advent of a new normal, where organisations have decided not to halt the accelerated momentum, rather continuing to make digital the underlying and undisputed rulebook for one and all. As a result, the role of digital technologies in the overall business ecosystem continues to evolve at an exponential pace.
An immediate fallout of this accelerated digital adoption is the ever-increasing concern around cyber breaches and their impact on businesses. Last year has witnessed an unprecedented higher proportion of cyber breaches whose impact was not only confined to businesses but also spread out to end-users in the form of data violation and financial loss.
This phenomenon is likely to continue in the current year and hence cyber security will continue to be prime consideration in business decision-making.
While it is impossible to make predictions of any kind with respect to rapidly evolving cyber attacks, here are the top cyberattack and threat trends that are likely to be observed in 2023:
Rise in the number & frequency of cyberattack attempts:
AI and ML are being used by hackers to automate their mechanisms to attempt to breach the IT infrastructure or digital user interface on a 24×7 basis. This has evolved to an extent where cybercriminals are creating high-end algorithms to intensify their malicious activities.
The trend is further expected to pick pace in the year 2023.
Digital Payment space to continue as the favourite playground for cybercriminals
Many players in the payment space, who in the pre-pandemic era were going for digitalisation in a ‘me too’ or half-hearted manner, suddenly realised that their existence itself may be at stake if they do not provide contactless, anytime, anywhere kind of services to their customers. So, digitisation was taken up, somewhat haphazardly, at a pace & scale they had no experience of.
In their zeal to provide great Ux and faster GTM, the security aspect was overlooked. What has added a layer of further complexity here is that a large number of Indians are just beginners or are having their first encounter with digital payments — they are little aware of the risks and the malicious attacks they can be subjected to. The threat actors are well aware of these low-hanging fruits and are targeting these vulnerable segments in a systematic and organised manner.
We do not see any respite in near future since the digital payment ecosystem players have been found to be rather slow in adoption of security solutions and spreading of security awareness amongst their end users.
5G coming in the radar of threat actors
The fifth generation (5G) of wireless technology will usher in a revolution of sorts with much faster speed benefitting the internet users. 5G and Internet of Things (IoT) will also add billions of internet-connected devices into the world. Each of these is a potential target for hackers. Unless users and the device/network providers up their ante, expansion of 5G coverage in 2023 can offer a fertile ground to cyber attackers to target this upcoming area.
Violation of mobile apps and devices
Mobile is at the center of digital growth. Attackers are well aware that in the mobile world, security is often traded off in favour of user experience. So, they are likely to intensify their attacks with lethal viruses, malwares & trojans targeted on mobile devices and apps. The growing penetration of apps into the mobile phone market and a higher dependence of users on apps call for a closer look at the security aspect of the landscape.
Apart from banking apps, data-rich government mobile apps and high-profile capital market apps are at serious risk. The attacks could also be more globalised in nature. A multi-layered security framework, esp. runtime security is essential to be considered while launching these apps. Prevention-first tools are a must.
Cloud coming under the scanner
Cloud technology is growing phenomenally amongst businesses these days. Always on the prowl for bigger and multiple attack-surfaces, cyber-attackers may start building more malware that run in cloud environments. While the simplicity with which a digital asset can be deployed on cloud is commendable, it is just as easy to accidentally misconfigure or expose an asset to attacks. It is essential to realise that malicious actors continue to invest more to sharpen their techniques for the attacks.
There is a risk to invaluable organisational data. Security measures need to be constantly monitored and updated in order to stay ahead of these attacks.
Breaches in the financial services value chain & supply chain
Financial services conglomerates are busy creating super apps to provide their users with all services under a single umbrella. In cases where the security on these apps are weak or loose, there is a higher chance of a breach. Furthermore, this kind of multiple-channels-under-one-canopy ecosystem involves several parties forming a value chain. One weak link is enough to play havoc with the entire chain. The same applies to systems integrated with several supply chain players. Strict monitoring of the entire supply chain is essential.
Advanced device binding is an important practice but often undervalued. Financial services providers must keep in mind that these systems are used by the masses and the likelihood of them being attacked with a malware could lead to a major financial loss for the users.
The future of digital technologies also involves a darker side of cyberattacks. The fluidity of cyberattacks requires organisations to rethink and re-calibrate their cybersecurity strategy. Prevention-first tools, Runtime Application Self Protection (RASP) capabilities, predictive AI technologies and Zero Trust frameworks can offer organizations an effective alternative to traditional cybersecurity solutions. With all-round measures, organisations can have a one-up on cyber attackers and keep themselves safe in 2023 and beyond.
[This article was authored by Manish Mimani, Founder & CEO of Protectt.ai. The view expressed in the article are solely of the author’s]